IEC 62443-4-2: Component Security Requirements

IEC 62443-4-2 specifies technical security requirements for IACS components such as embedded controllers, hosts, applications, and network devices. This page maps those controls to FR 1–7 and QuantLayer capabilities.

• FR 1–2 Identity & Access: passwordless/hardware-rooted identity, device enrollment, MFA/step-up, least privilege authorization, session controls.
• FR 3 Integrity: secure boot evidence, tamper detection, signed policy/config changes, continuous integrity monitoring.
• FR 4 Confidentiality: encrypt logs/policy artifacts, enforce secure channels, manage keys for operations.
• FR 5 Restricted Flows: microsegmentation policies by zone/conduit, allow-lists, staged enforcement.
• FR 6 Response: event correlation, automated containment actions, incident timelines.
• FR 7 Availability: safe enforcement modes, rate-limiting/DoS signals, resilient policy distribution for edge sites.

• Component onboarding: enroll devices/agents with attestation and identity binding before granting access.
• Network enforcement: integrate with gateways/firewalls/switches for conduit control and keep actions auditable.
• SOC/OT visibility: forward events to SIEM/SOAR and OT monitoring while preserving immutable evidence.

• Component identity and enrollment proofs per device/agent.
• Policy enforcement outcomes and exceptions by zone/conduit.
• Integrity events, change history, and remediation actions.